Vulnerability Description
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/themegrill/themegrill-demo-importer/master/CHA
- https://www.openwall.com/lists/oss-security/2020/02/19/1
- https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c0dc694-854e-4f96-8c2
FAQ
What is CVE-2020-36837?
CVE-2020-36837 is a vulnerability with a CVSS score of 9.9 (CRITICAL). The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This ma...
How severe is CVE-2020-36837?
CVE-2020-36837 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36837?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.